First, I may have attributed this to the wrong "component", I'm not sure where this is going wrong. I can authenticate to the UNIX share (using ADS security) from a win2K client for a short time after samba is restarted, but eventually (within a couple of hours) I start getting the windows message "there are currently no logon servers available to service the logon request". I have found that a "net ads join" makes the problem go away without restarting samba. I am currently using the CVS code from 2003-08-18 plus the winbind patch from bug 282. I will be attaching debug 10 logs shortly.
Created attachment 90 [details] winbind -d10 Items of note in the attachment: SNB-FTON-AD1 = the primary AD server SNB-FTON-DBS8 = the Unix server SNB-FTON-BMC1 = the win2k client SNB.CA = the AD realm MYGROUP = the workgroup line from smb.conf "could not open handle to NETLOGON pipe"
Created attachment 91 [details] smbd -d10 Items of note: [2003/08/20 11:29:10, 10] lib/gencache.c:gencache_get(285) Cache entry with key = TDOM/SNB couldn't be found [2003/08/20 11:29:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain SNB found. ... First occurance of MYGROUP instead of SNB ... [2003/08/20 11:29:10, 10] lib/gencache.c:gencache_get(285) Cache entry with key = TDOM/SNB couldn't be found [2003/08/20 11:29:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain SNB found. ... [2003/08/20 11:29:10, 5] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [xbking] FAILED with erro r NT_STATUS_NO_LOGON_SERVERS [2003/08/20 11:29:10, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [xbking] -> [xbking] FAILED with error NT_STATUS_NO_LOGON_SERVERS ... [2003/08/20 11:29:10, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [SNB]\[xbking] from workstation [SNB-FTON-BMC 1] [2003/08/20 11:29:10, 10] lib/gencache.c:gencache_get(285) Cache entry with key = TDOM/SNB couldn't be found [2003/08/20 11:29:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) no entry for trusted domain SNB found. ... [2003/08/20 11:29:10, 3] auth/auth.c:check_ntlm_password(216) check_ntlm_password: Checking password for unmapped user [SNB]\[xbking]@[SNB- FTON-BMC1] with the new password interface [2003/08/20 11:29:10, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: mapped user is: [MYGROUP]\[xbking]@[SNB-FTON-BMC1] ... [2003/08/20 11:29:55, 2] smbd/server.c:exit_server(558) Closing connections [2003/08/20 11:29:55, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2003/08/20 11:29:55, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist .
Also interesting. smbclient -k \\\\snb-fton-dbs8\\public (from a remote UNIX machine) works while connecting from the win2k box with the same AD/kerberos credentials gives the "no logon servers" message.
More strangeness that appears to be related. I've used 'setfacl' to allow 2 groups access to a directory/share. bash-2.05# getfacl /oracle/app/oracle/admin/planet/P2900AT/files/planetexternaldata # file: /oracle/app/oracle/admin/planet/P2900AT/files/planetexternaldata # owner: oracle # group: MYGROUP\planet-external-data-mt user::rwx group::r-x #effective:r-x group:MYGROUP\planet-map-admin-mt:rwx #effective:r-x mask:r-x other:r-x When I assigned the facls, it said 'SNB' where it says MYGROUP above. After I stop and start 'nscd', a getfacl shows the correct info again: bash-2.05# getfacl /oracle/app/oracle/admin/planet/P2900AT/files/planetexternaldata # file: /oracle/app/oracle/admin/planet/P2900AT/files/planetexternaldata # owner: oracle # group: SNB\planet-external-data-mt user::rwx group::r-x #effective:r-x group:SNB\planet-map-admin-mt:rwx #effective:r-x mask:r-x other:r-x There seems to be some kind of 'blip' where the domain/realm switches to MYGROUP temporarily and this confuses nscd, and possibly other things as well. (just a guess)
I have not seen this re-occur since upgrading to newer CVS versions. Not sure exactly when it disappeared, or if it's just a very rare occurance. Close and I'll re-open if I ever see it again?
assuming this is really for Samba 3.0
originally reported against one of the 3.0.0rc[1-4] releases. Cleaning up non-production versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup